Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0389 | 1 Rsa | 1 Ace Agent | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script. | |||||
| CVE-2003-0419 | 1 Smc Networks | 1 Barricade Wireless Cable Dsl Broadband Router | 2008-09-05 | 5.0 MEDIUM | N/A |
| SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface. | |||||
| CVE-2003-0433 | 1 Gnocatan-develop | 1 Gnocatan | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code. | |||||
| CVE-2003-0438 | 1 Yuuichi Teranishi | 1 Eldav | 2008-09-05 | 1.2 LOW | N/A |
| eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2003-0445 | 1 Webfs | 1 Webfs | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI. | |||||
| CVE-2003-0451 | 1 Xblockout | 1 Xbl | 2008-09-05 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments. | |||||
| CVE-2003-0500 | 1 Proftpd Project | 1 Proftpd | 2008-09-05 | 10.0 HIGH | N/A |
| SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name. | |||||
| CVE-2003-0537 | 1 Daiki Ueno | 1 Liece Emacs Irc Client | 2008-09-05 | 4.6 MEDIUM | N/A |
| The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users. | |||||
| CVE-2003-0573 | 1 Sgi | 1 Irix | 2008-09-05 | 5.0 MEDIUM | N/A |
| The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact. | |||||
| CVE-2003-0599 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. | |||||
| CVE-2003-0611 | 1 Xtokkaetama | 1 Xtokkaetama | 2008-09-05 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain privileges via a long (1) -display command line argument or (2) XTOKKAETAMADIR environment variable. | |||||
| CVE-2003-0640 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 10.0 HIGH | N/A |
| BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges. | |||||
| CVE-2003-0651 | 1 Mod Mylo | 1 Mod Mylo | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2003-0683 | 1 Sgi | 1 Irix | 2008-09-05 | 7.5 HIGH | N/A |
| NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions. | |||||
| CVE-2003-0155 | 1 Mozilla | 1 Bonsai | 2008-09-05 | 5.0 MEDIUM | N/A |
| bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication. | |||||
| CVE-2003-0177 | 1 Sgi | 1 Irix | 2008-09-05 | 4.6 MEDIUM | N/A |
| SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow "-" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently. | |||||
| CVE-2003-0241 | 1 Frontrange | 1 Goldmine | 2008-09-05 | 7.5 HIGH | N/A |
| FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone. | |||||
| CVE-2003-0249 | 1 Php | 1 Php | 2008-09-05 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report." | |||||
| CVE-2002-2361 | 1 Yahoo | 1 Messenger | 2008-09-05 | 5.8 MEDIUM | N/A |
| The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures, which could allow remote attackers to install trojan programs via DNS spoofing. | |||||
| CVE-2002-2391 | 2 Webchat.org, Xoops | 2 Webchat, Xoops | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter. | |||||
| CVE-2002-2386 | 1 Xoops | 1 Xoops | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. | |||||
| CVE-2002-2387 | 1 Mollensoft Software | 1 Hyperion Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. | |||||
| CVE-2002-2388 | 1 Inweb | 1 Mail Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command. | |||||
| CVE-2002-2392 | 1 Nullsoft | 1 Winamp | 2008-09-05 | 6.4 MEDIUM | N/A |
| Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. | |||||
| CVE-2002-2394 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 5.0 MEDIUM | N/A |
| InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding. | |||||
| CVE-2002-2395 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 5.0 MEDIUM | N/A |
| InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding. | |||||
| CVE-2003-0194 | 1 Redhat | 2 Linux, Tcpdump | 2008-09-05 | 4.6 MEDIUM | N/A |
| tcpdump does not properly drop privileges to the pcap user when starting up. | |||||
| CVE-2002-2410 | 1 Open Webmail | 1 Open Webmail | 2008-09-05 | 5.0 MEDIUM | N/A |
| openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses depending on whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information. | |||||
| CVE-2002-2412 | 1 Nullsoft | 1 Winamp | 2008-09-05 | 2.1 LOW | N/A |
| Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts. | |||||
| CVE-2002-2413 | 2 Deerfield, Microsoft | 3 Website Pro, Windows 9x, Windows Nt | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name. | |||||
| CVE-2002-2390 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request. | |||||
| CVE-2002-2421 | 1 Andrey Cherezov | 1 Acweb | 2008-09-05 | 7.8 HIGH | N/A |
| acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2. | |||||
| CVE-2002-2389 | 1 Fastlink Software | 1 The Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files. | |||||
| CVE-2002-2422 | 1 Compaq | 1 Insight Management Agent | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message. | |||||
| CVE-2002-2359 | 1 Mozilla | 1 Mozilla | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. | |||||
| CVE-2002-2358 | 1 Opera Software | 1 Opera Web Browser | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL. | |||||
| CVE-2002-2357 | 1 Mailenable | 1 Mailenable | 2008-09-05 | 5.0 MEDIUM | N/A |
| MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a denial of service (crash) via a long USER string, possibly due to a buffer overflow. | |||||
| CVE-2003-0119 | 1 Ibm | 1 Aix | 2008-09-05 | 7.5 HIGH | N/A |
| The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities. | |||||
| CVE-2003-0120 | 1 Mhc-utils | 1 Mhc-utils | 2008-09-05 | 1.2 LOW | N/A |
| adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name. | |||||
| CVE-2002-2360 | 1 Webmin | 1 Webmin | 2008-09-05 | 9.3 HIGH | N/A |
| The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests. | |||||
| CVE-2002-2356 | 1 Hamweather | 1 Hamweather | 2008-09-05 | 6.4 MEDIUM | N/A |
| HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi. | |||||
| CVE-2003-0142 | 1 Adobe | 1 Acrobat Reader | 2008-09-05 | 5.0 MEDIUM | N/A |
| Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function. | |||||
| CVE-2002-2367 | 1 Socks5 | 1 Socks5 | 2008-09-05 | 7.8 HIGH | N/A |
| Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname. | |||||
| CVE-2002-2415 | 1 Alliedtelesyn | 2 At-8024, Rapier 24 | 2008-09-05 | 6.8 MEDIUM | N/A |
| Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service. | |||||
| CVE-2002-2368 | 1 Nec | 1 Socks 5 | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module. | |||||
| CVE-2002-2362 | 1 Sourceforge | 1 Mymarket | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter. | |||||
| CVE-2002-2363 | 1 Hp | 1 Hp-ux | 2008-09-05 | 7.2 HIGH | N/A |
| VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges. | |||||
| CVE-2002-2364 | 1 Sourceforge | 1 Php Ticket | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket. | |||||
| CVE-2002-2365 | 1 Springer Verlag Berlin Heidelberg | 1 Simple Wais | 2008-09-05 | 10.0 HIGH | N/A |
| Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the search field, as demonstrated using the "\|" (pipe) character. | |||||
| CVE-2002-2366 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 6.8 MEDIUM | N/A |
| Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml. | |||||
